Vulnerable To Cyber Attacks, ADS-B May Expose F-22s To Web Based Tracking GAO Warns

Reserve Citizen Airmen from Tinker Air Force Base, Okla., fly a 507th Air Refueling Wing KC-135R Stratotanker out of Kona International Airport, Hawaii, Jan. 19, 2018, to refuel four 154th Wing Hawaii National Guard F-22 Raptors in support of Exercise Sentry Aloha. (U.S. Air Force photo/Tech. Sgt. Samantha Mathison)

A new report highlights the risks of ADS-B transponders. But it focuses on technology rather than operation security.

We have been writing about this topic since 2011. As most of our readers already know by now, Flightradar24 and PlaneFinder are two famous Web-based services that let anyone who has an Internet access on their computer, laptop or smartphone, track flights in real-time.

Aviation enthusiasts and geeks, journalists but also curious people use these portals to get details about civil and military flights all around the world.

The ADS-B system uses a special transponder that autonomously broadcasts data from the aircraft’s on-board navigation systems about its GPS-calculated position, altitude and flight path. This information is transmitted on 1090 MHz frequency: ground stations, other nearby aircraft as well as commercial off-the-shelf receivers available on the market as well as home-built ones, tuned on the same frequency, can receive and process this data.

Flightradar24 and PlaneFinder rely on a network of several hundred (if not thousand) feeders who receive and share Automatic Dependent Surveillance-Broadcast (ADS-B) transponders data and contribute growing the network and cover most of the planet.

Obviously, only ADS-B equipped aircraft flying within the coverage area of the network are visible.



Actually, in those areas where coverage is provided by several different ground stations, the position can be calculated also for those planes that do not broadcast their ADS-B data by means of Multilateration (MLAT). MLAT uses Time Difference of Arrival (TDOA): by measuring the difference in time to receive the signal from four different receivers, the aircraft can be geolocated and tracked even if it does not transmit ADS-B data.

Although the majority of the aircraft you’ll be able to track using a browser (or smartphone’s app) using the above mentioned Web-based tracking services are civil airliners and business jets, military aircraft are also equipped with Mode-S ADS-B-capable transponders: a 2010 Federal Aviation Administration rule requires all military aircraft to be equipped with ADS-B transponders by Jan. 1, 2020, as part of its program to modernize the air transportation system.

RQ-4 Global Hawk tracked during its mission near Crimea and over Ukraine on Jul. 20, 2017. The U.S. Air Force Global Hawk UAS are among the assets that can be regularly tracked online. (Screenshot from Flightradar24.com)

But, these are *usually* turned off during real war ops. Usually, not always.

In fact, during opening stages of the Libya Air War in 2011 some of the combat aircraft involved in the air campaign forgot/failed to switch off their mode-S or ADS-B transponder, and were clearly trackable on FR.24 or PF.net. And despite pilots all around the world know the above mentioned flight tracking websites very well, transponders remain turned on during real operations, making their aircraft clearly visible to anyone with a browser and an Internet connection. As a consequence, we have been highlighting the the risk of Internet-based flight tracking of aircraft flying war missions for years. In 2014 we discovered that a U.S. plane possibly supporting ground troops in Afghanistan acting as an advanced communication relay can be regularly tracked as it circled over the Ghazni Province. Back then we explained that the only presence of the aircraft over a sensitive target could expose an imminent air strike, jeopardizing an entire operations. US Air Force C-32Bs (a military version of the Boeing 757 operated by the Department of Homeland Security and US Foreign Emergency Support Team to deploy US teams and special forces in response to terrorist attacks), American and Russian “doomsday planes”, tanker aircraft and even the Air Force One, along with several other combat planes can be tracked every now and then on both FR24.com and PF.net.

A U.S. Air Force F-22 Raptor departs after receiving fuel from a KC-135 Stratotanker, assigned to the 340th Expeditionary Air Refueling Squadron, during a mission in support of Operation Inherent Resolve Aug. 22, 2017. According to GAO, ADS-B poses a threat to the Raptor stealthiness as it may expose the aircraft presence. (U.S. Air Force photo by Staff Sgt. Michael Battles)

Today, military planes belonging to different air forces as well as contractor and special operations planes can be regularly tracked while flying over Iraq, Afghanistan, Tunia, Egypt and many other “hot spots”.

A Government Accountability Office report released last month highlighted the risks of ADS-B. According to the watchdog agency neither the Department of Defense nor the FAA have taken significant steps to mitigate security risks associated with openly transmitting flight data from military aircraft (highlight mine):

Information broadcasted from ADS-B transponders poses an operations security risk for military aircraft. For example, a 2015 assessment that RAND conducted on behalf of the U.S. Air Force stated that the broadcasting of detailed and unencrypted position data for fighter aircraft, in particular for a stealth aircraft such as the F-22, may present an operations security risk. The report noted that information about the F-22’s precise position is classified Secret, which means that unauthorized disclosure of this information could reasonably be expected to cause serious damage to the national security.

Such risks have been highlighted since 2008 according to GAO:

In DOD’s 2008 comments about FAA’s draft rule requiring ADS-B Out technology, the department informed FAA that DOD aircraft could be identified conducting special flights for sensitive missions in the United States and potentially compromised due to ADS-B technology. Such sensitive missions could
include low-observable surveillance, combat air patrol, counter-drug, counter-terrorism, and key personnel transport. While some military aircraft are currently equipped with Mode S transponders that provide individuals who have tracking technology the altitude of the aircraft, ADS-B poses an increased risk.

Moreover, there are concerns since the ADS-B technology is vulnerable to jamming and cyber attacks. GAO:

For example, a 2015 Institute of Electrical and Electronics Engineers article about ADS-B stated that ADS-B is vulnerable to an electronic-warfare attack — such as a jamming attack — whereby an adversary can effectively disable the sending and receiving of messages between an ADS-B transmitter and receiver by transmitting a higher power signal on the ADS-B frequencies. The article notes that while jamming is a problem common to all wireless communication, the effect is severe in aviation due to the system’s inherently wide-open spaces, which are impossible to control, as well as to the importance and criticality of the transmitted data. As a stand-alone method, jamming could create problems within the national airspace. Jamming can also be used to initiate a cyber-attack on aircraft or ADS-B systems. According to the article in the 2015 Institute of Electrical and Electronics Engineers publication, adversaries could use a cyber-attack to inject false ADS-B messages (that is, create “ghost” aircraft on the ground or air); delete ADS-B messages (that is,make an aircraft disappear from the air traffic controller screens); and modify messages (that is, change the reported path of the aircraft). The article states that jamming attacks against ADS-B systems would be simple, and that ADS-B data do not include verification measures to filter out false messages, such as those used in spoofing attacks.

Lack of solutions:

Although DOD, FAA, and other organizations have identified risks to military security and missions since 2008, DOD and FAA have not approved any solutions to address these risks. This is because DOD and FAA have focused on equipping military aircraft with ADS-B technology and have not focused on solving or mitigating security risks from ADS-B. The approach being taken by FAA and DOD will not address key security risks that have been identified, and delays in producing an interagency agreement have significantly reduced the time available to implement any agreed-upon solutions before January 1, 2020, when the full deployment of ADS-B Out is required.

So, GAO urges DoD and FAA to approve solutions that can address operations, physical, cyber-attack, and electronic warfare security risks; and risks associated with divesting secondary-surveillance radars (since the idea is to divest legacy radars and replace them with ADS-B only). However, based on our experience, proper procedures should be adopted (provided they are not there yet) in order to prevent big OPSEC failures. Indeed, whilst securing ADS-B is a must, it’s probably more important to turn off the Mode-S and ADS-B transponders when conducting missions that need to remain invisible (at least to public flight tracking websites and commercial off the shelf receivers). Unless the transponder is turned on for a specific purpose: to let the world know they are there. In fact, as reported several times here, it’s difficult to say whether some aircraft that can be tracked online broadcast their position for everyone to see by accident or on purpose: increasingly, RC-135s and other strategic ISR platforms, including the Global Hawks, operate over highly sensitive regions, such as Ukraine or the Korean Peninsula, with the ADS-B and Mode-S turned on, so that even commercial off the shelf receivers (or public tracking websites) can monitor them. Is it a way to show the flag? Maybe.

Summing up, FR24.com, PF.net, home-made kits etc. are extremely interesting and powerful tools to investigate and study civil and military aviation; until ADS-B is made more resilient and secure, air forces around the world have only to consider the risk of public flight tracking when executing combat missions in the same way other details, such as radio communications policies and EMCON (Emission Control) restrictions, are already taken into account.

Many thanks to @CivMilAir for helping preparing this article.

About David Cenciotti
David Cenciotti is a journalist based in Rome, Italy. He is the Founder and Editor of “The Aviationist”, one of the world’s most famous and read military aviation blogs. Since 1996, he has written for major worldwide magazines, including Air Forces Monthly, Combat Aircraft, and many others, covering aviation, defense, war, industry, intelligence, crime and cyberwar. He has reported from the U.S., Europe, Australia and Syria, and flown several combat planes with different air forces. He is a former 2nd Lt. of the Italian Air Force, a private pilot and a graduate in Computer Engineering. He has written five books and contributed to many more ones.